ignite-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From pgarg <pg...@gridgain.com>
Subject Re: Securing a cluster
Date Fri, 08 May 2015 20:47:22 GMT
/commented by steve neal/

Hi Dimitry.

Our cluster is already configured to use I.P. discovery as our machines are
not on the same sub-net. However, this is not sufficiently secure for our
requirements as we work in a heavily audited industry.

For example, it is currently possible for a developer to releases a
component in our test environment and accidentally configures it with a
production I.P. address for discovery, their component would then
unwittingly join the prod cluster from a test/development environment.

I've seen there are a lot of Security processors and a plugin mechanism that
allows me to override the core services in the Kernal, but I do not know
which of these to swap our to be able to implement a white-list policy. I've
tried without much success at changing the GridSecurityProcessor. Am I
looking in the right place? Is there a simpler approach? The plugins are
quite complex.

Thanks.

----- 
/This post is migrated from now discontinued Apache Ignite forum at 
http://apacheignite.readme.io/v1.0/discuss/



--
View this message in context: http://apache-ignite-users.70518.x6.nabble.com/Securing-a-cluster-tp32p34.html
Sent from the Apache Ignite Users mailing list archive at Nabble.com.

Mime
View raw message